Compare commits

9 Commits

Author SHA1 Message Date
Slavi Pantaleev 42c173c0b3 mautrix-meta-messenger: expose bridge HTTP API (for mautrix-manager and similar)
Auto-generate the provisioning shared secret (to enable the provisioning
API), route the whole bridge HTTP port via Traefik under
`<matrix-fqn>/bridges/meta-messenger`, and populate
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The labels template gate is widened so the exposure router is
emitted even when metrics are disabled (the exposure router reuses the
existing appservice Traefik service on port 29319).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:17:47 +03:00
Slavi Pantaleev 20a2395403 mautrix-meta-instagram: expose bridge HTTP API (for mautrix-manager and similar)
Auto-generate the provisioning shared secret (to enable the provisioning
API), route the whole bridge HTTP port via Traefik under
`<matrix-fqn>/bridges/meta-instagram`, and populate
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The labels template gate is widened so the exposure router is
emitted even when metrics are disabled (the exposure router reuses the
existing appservice Traefik service on port 29319).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:15:57 +03:00
Slavi Pantaleev 1b9b1119a1 mautrix-whatsapp: expose bridge HTTP API (for mautrix-manager and similar)
Auto-generate the provisioning shared secret (to enable the provisioning
API), route the whole mautrix-whatsapp HTTP port via Traefik under
`<matrix-fqn>/bridges/whatsapp`, and populate appservice.public_address,
reusing the matrix_bridges_exposure_* mechanism.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:11:30 +03:00
Slavi Pantaleev 2d7058fa59 mautrix-bluesky: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-bluesky HTTP port via Traefik under
`<matrix-fqn>/bridges/bluesky` and populate the existing
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The provisioning shared secret is already auto-generated in
group_vars, so the provisioning API is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:09:43 +03:00
Slavi Pantaleev 44c8736c08 mautrix-twitter: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-twitter HTTP port via Traefik under
`<matrix-fqn>/bridges/twitter` and populate the existing
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The provisioning shared secret is already auto-generated in
group_vars, so the provisioning API is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:08:11 +03:00
Slavi Pantaleev a50e7960d8 mautrix-signal: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-signal HTTP port via Traefik under
`<matrix-fqn>/bridges/signal` and populate appservice.public_address,
reusing the matrix_bridges_exposure_* mechanism. The provisioning shared
secret is already auto-generated in group_vars, so the provisioning API
is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:05:18 +03:00
Slavi Pantaleev d2252db4fe mautrix-telegram: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-telegram HTTP port via Traefik under
`<matrix-fqn>/bridges/telegram` and populate appservice.public_address,
reusing the matrix_bridges_exposure_* mechanism. The provisioning shared
secret is already auto-generated in group_vars, so the provisioning API
is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 19:56:24 +03:00
Slavi Pantaleev a4ddba3989 mautrix-gmessages: expose bridge HTTP API (for mautrix-manager and similar)
Add a generic mechanism for exposing bridges' HTTP API (the provisioning
API, etc.) publicly on the Matrix domain, so tools like mautrix-manager
(https://github.com/mautrix/manager) can drive bridge login.

- Introduce global matrix_bridges_exposure_* vars (on by default),
  exposing each supported bridge under `<matrix-fqn>/bridges/<bridge>`.
- mautrix-gmessages: make the provisioning shared secret configurable
  (auto-generated in group_vars) so the provisioning API is enabled,
  route the whole bridge HTTP port via Traefik, and populate
  appservice.public_address.

Requests are authenticated by the bridge itself (per-user Matrix access
token for the provisioning API, homeserver token for the appservice
endpoints), not by the reverse proxy.

This is the first bridge converted; the other mautrix bridges will follow.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 19:52:24 +03:00
Aine d61979a0b9 baibot: add venice wiring 2026-06-28 19:50:08 +03:00
24 changed files with 501 additions and 13 deletions
+45
@@ -1471,6 +1471,11 @@ matrix_mautrix_bluesky_metrics_proxying_enabled: "{{ matrix_mautrix_bluesky_metr
matrix_mautrix_bluesky_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_bluesky_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_bluesky_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-bluesky" matrix_mautrix_bluesky_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-bluesky"
matrix_mautrix_bluesky_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_bluesky_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_bluesky_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_bluesky_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/bluesky"
matrix_mautrix_bluesky_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_bluesky_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}" matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"
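Review bot: The trailing context line for `matrix_mautrix_bluesky_database_password` derives the password with the salt `':mau.twt.db'`, the same salt that the `matrix_mautrix_twitter_database_password` context line uses further down, so both bridges end up with an identical database password. This is not introduced by the change, but it is worth a follow-up: give bluesky its own salt, with a migration note, since changing the salt changes the password on existing installs.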
@@ -1829,6 +1834,11 @@ matrix_mautrix_signal_metrics_proxying_enabled: "{{ matrix_mautrix_signal_metric
matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal" matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal"
matrix_mautrix_signal_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_signal_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_signal_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_signal_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/signal"
matrix_mautrix_signal_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_signal_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_signal_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_signal_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_signal_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.signal.db') | hash('sha512') | to_uuid }}" matrix_mautrix_signal_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.signal.db') | hash('sha512') | to_uuid }}"
@@ -1889,6 +1899,7 @@ matrix_mautrix_meta_messenger_appservice_token: "{{ (matrix_homeserver_generic_s
matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_meta_messenger_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.hs') | hash('sha512') | to_uuid }}" matrix_mautrix_meta_messenger_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.hs') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_messenger_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
@@ -1907,6 +1918,11 @@ matrix_mautrix_meta_messenger_metrics_proxying_enabled: "{{ matrix_mautrix_meta_
matrix_mautrix_meta_messenger_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_meta_messenger_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-messenger" matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_meta_messenger_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_meta_messenger_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_meta_messenger_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/meta-messenger"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path. # and point them to a migration path.
matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}" matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
@@ -1967,6 +1983,7 @@ matrix_mautrix_meta_instagram_appservice_token: "{{ (matrix_homeserver_generic_s
matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_meta_instagram_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.hs') | hash('sha512') | to_uuid }}" matrix_mautrix_meta_instagram_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.hs') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_instagram_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
@@ -1985,6 +2002,11 @@ matrix_mautrix_meta_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_meta_
matrix_mautrix_meta_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_meta_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-instagram" matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_meta_instagram_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_meta_instagram_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_meta_instagram_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/meta-instagram"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path. # and point them to a migration path.
matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}" matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
@@ -2064,6 +2086,11 @@ matrix_mautrix_telegram_metrics_proxying_enabled: "{{ matrix_mautrix_telegram_me
matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram" matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram"
matrix_mautrix_telegram_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_telegram_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_telegram_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_telegram_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/telegram"
# Postgres is the default, except if not using internal Postgres server # Postgres is the default, except if not using internal Postgres server
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_telegram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_telegram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_telegram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -2140,6 +2167,11 @@ matrix_mautrix_twitter_metrics_proxying_enabled: "{{ matrix_mautrix_twitter_metr
matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter" matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter"
matrix_mautrix_twitter_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_twitter_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_twitter_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_twitter_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/twitter"
matrix_mautrix_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}" matrix_mautrix_twitter_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"
@@ -2195,6 +2227,8 @@ matrix_mautrix_gmessages_appservice_token: "{{ (matrix_homeserver_generic_secret
matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_gmessages_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.hs.token') | hash('sha512') | to_uuid }}" matrix_mautrix_gmessages_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.hs.token') | hash('sha512') | to_uuid }}"
matrix_mautrix_gmessages_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: |- matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
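Review bot: `matrix_mautrix_gmessages_provisioning_shared_secret` is now always derived here, while the role default stays `disable`, so every existing playbook-managed install gets the provisioning API switched on at its next run. Together with `matrix_bridges_exposure_enabled: true`, the API also becomes reachable from outside in that same run. This deserves a changelog entry and a documented way to keep it off (setting the variable back to `disable`).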
@@ -2212,6 +2246,11 @@ matrix_mautrix_gmessages_metrics_proxying_enabled: "{{ matrix_mautrix_gmessages_
matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages" matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages"
matrix_mautrix_gmessages_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_gmessages_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_gmessages_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_gmessages_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/gmessages"
# Postgres is the default, except if not using internal Postgres server # Postgres is the default, except if not using internal Postgres server
matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -2376,6 +2415,7 @@ matrix_mautrix_whatsapp_appservice_token: "{{ (matrix_homeserver_generic_secret_
matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':wa.hs.token') | hash('sha512') | to_uuid }}" matrix_mautrix_whatsapp_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':wa.hs.token') | hash('sha512') | to_uuid }}"
matrix_mautrix_whatsapp_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':wa.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
@@ -2394,6 +2434,11 @@ matrix_mautrix_whatsapp_metrics_proxying_enabled: "{{ matrix_mautrix_whatsapp_me
matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp" matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp"
matrix_mautrix_whatsapp_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_whatsapp_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_whatsapp_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_whatsapp_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/whatsapp"
# Postgres is the default, except if not using internal Postgres server # Postgres is the default, except if not using internal Postgres server
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_whatsapp_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_whatsapp_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -54,6 +54,15 @@ matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and ma
# Global var for enabling bridge self-signing ( On supported bridges) # Global var for enabling bridge self-signing ( On supported bridges)
matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# Global vars for exposing bridges' HTTP API publicly on the Matrix domain.
# This is used by tools like mautrix-manager (https://github.com/mautrix/manager) to drive bridge login.
# Each supported bridge's HTTP endpoint is exposed under `<path_prefix>/<bridge>` (e.g. `/bridges/gmessages`).
# Requests are authenticated by the bridge itself (e.g. per-user Matrix access token for the provisioning API,
# or the homeserver token for the appservice endpoints), not by us.
matrix_bridges_exposure_enabled: true
matrix_bridges_exposure_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_bridges_exposure_path_prefix: /bridges
# Global var to enable/disable relay mode across all bridges with relay mode support # Global var to enable/disable relay mode across all bridges with relay mode support
matrix_bridges_relay_enabled: false matrix_bridges_relay_enabled: false
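Review bot: `matrix_bridges_exposure_enabled: true` makes public exposure of every supported bridge's whole HTTP port the default, and the comment above it states that authentication is left to the bridge rather than the reverse proxy. For an internet-facing change of this size, consider defaulting to `false` (opt-in), or at least announce the new `/bridges/<bridge>` routes in the changelog and document the one-line override for operators who do not use mautrix-manager.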
@@ -36,8 +36,12 @@ matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340'
matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
# A public address that external services can use to reach this appservice. # Scheme of the bridge's public address (see `matrix_mautrix_bluesky_appservice_public_address`).
matrix_mautrix_bluesky_appservice_public_address: '' matrix_mautrix_bluesky_scheme: https
# A public address that external services can use to reach this appservice (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_bluesky_appservice_public_address: "{{ (matrix_mautrix_bluesky_scheme + '://' + matrix_mautrix_bluesky_exposure_hostname + matrix_mautrix_bluesky_exposure_path_prefix) if matrix_mautrix_bluesky_exposure_enabled else '' }}"
# Displayname template for Bluesky users. # Displayname template for Bluesky users.
# {{ .DisplayName }} is replaced with the display name of the Bluesky user. # {{ .DisplayName }} is replaced with the display name of the Bluesky user.
@@ -78,6 +82,15 @@ matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_enabled: f
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-bluesky's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_bluesky_container_labels_exposure_enabled: "{{ matrix_mautrix_bluesky_exposure_enabled }}"
matrix_mautrix_bluesky_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_bluesky_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_bluesky_exposure_path_prefix }}`)"
matrix_mautrix_bluesky_container_labels_exposure_traefik_priority: 0
matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_bluesky_container_labels_traefik_entrypoints }}"
matrix_mautrix_bluesky_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_bluesky_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_bluesky_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_bluesky_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_bluesky_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -158,6 +171,11 @@ matrix_mautrix_bluesky_metrics_proxying_enabled: false
matrix_mautrix_bluesky_metrics_proxying_hostname: '' matrix_mautrix_bluesky_metrics_proxying_hostname: ''
matrix_mautrix_bluesky_metrics_proxying_path_prefix: '' matrix_mautrix_bluesky_metrics_proxying_path_prefix: ''
# Controls whether mautrix-bluesky's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_bluesky_exposure_enabled: false
matrix_mautrix_bluesky_exposure_hostname: ''
matrix_mautrix_bluesky_exposure_path_prefix: ''
# Default configuration template which covers the generic use case. # Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it. # You can customize it by controlling the various variables inside it.
# #
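Review bot: The role defaults leave `matrix_mautrix_bluesky_exposure_hostname` and `matrix_mautrix_bluesky_exposure_path_prefix` empty, and nothing visible in this diff checks them when `matrix_mautrix_bluesky_exposure_enabled` is set to true outside the playbook's group_vars. In that case the Traefik rule renders with an empty Host() and an empty PathPrefix(), and `matrix_mautrix_bluesky_appservice_public_address` becomes `https://`. A validation task that fails on an empty hostname or prefix while exposure is enabled would catch this.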
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-bluesky-metrics.tls.certResolver={{ matrix_m
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_bluesky_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-bluesky-exposure.loadbalancer.server.port=29340
traefik.http.middlewares.matrix-mautrix-bluesky-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_bluesky_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-bluesky-exposure.middlewares=matrix-mautrix-bluesky-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-bluesky-exposure.rule={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_bluesky_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-bluesky-exposure.priority={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-bluesky-exposure.service=matrix-mautrix-bluesky-exposure
traefik.http.routers.matrix-mautrix-bluesky-exposure.entrypoints={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-bluesky-exposure.tls={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_bluesky_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-bluesky-exposure.tls.certResolver={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
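Review bot: The `matrix-mautrix-bluesky-exposure` router attaches only the strip-prefix middleware, so everything the bridge serves on port 29340 is published, not just the provisioning API, and the router's middleware list is fixed to that single entry, unlike the metrics router with its optional basic-auth middleware. Consider a variable for additional middlewares on this router (rate limiting, IP allow-list). The port literal `29340` also duplicates the one in `matrix_mautrix_bluesky_appservice_address` and could be derived from a single variable.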
@@ -38,6 +38,13 @@ matrix_mautrix_gmessages_homeserver_async_media: false
matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
# Scheme of the bridge's public address (see `matrix_mautrix_gmessages_bridge_public_address`).
matrix_mautrix_gmessages_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_gmessages_bridge_public_address: "{{ (matrix_mautrix_gmessages_scheme + '://' + matrix_mautrix_gmessages_exposure_hostname + matrix_mautrix_gmessages_exposure_path_prefix) if matrix_mautrix_gmessages_exposure_enabled else '' }}"
matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
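Review bot: The new variable is named `matrix_mautrix_gmessages_bridge_public_address`, but it feeds `appservice.public_address` in the config template, and the bluesky role calls the equivalent variable `matrix_mautrix_bluesky_appservice_public_address`. Renaming it to `matrix_mautrix_gmessages_appservice_public_address` (and updating the comment on `matrix_mautrix_gmessages_scheme`) keeps the bridge roles consistent and makes a shared override pattern easier to document.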
@@ -75,6 +82,15 @@ matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled:
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-gmessages' HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_gmessages_container_labels_exposure_enabled: "{{ matrix_mautrix_gmessages_exposure_enabled }}"
matrix_mautrix_gmessages_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_gmessages_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_gmessages_exposure_path_prefix }}`)"
matrix_mautrix_gmessages_container_labels_exposure_traefik_priority: 0
matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_gmessages_container_labels_traefik_entrypoints }}"
matrix_mautrix_gmessages_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_gmessages_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_gmessages_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_gmessages_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -119,6 +135,11 @@ matrix_mautrix_gmessages_metrics_proxying_enabled: false
matrix_mautrix_gmessages_metrics_proxying_hostname: '' matrix_mautrix_gmessages_metrics_proxying_hostname: ''
matrix_mautrix_gmessages_metrics_proxying_path_prefix: '' matrix_mautrix_gmessages_metrics_proxying_path_prefix: ''
# Controls whether mautrix-gmessages' HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_gmessages_exposure_enabled: false
matrix_mautrix_gmessages_exposure_hostname: ''
matrix_mautrix_gmessages_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -168,6 +189,10 @@ matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}
matrix_mautrix_gmessages_public_media_signing_key: '' matrix_mautrix_gmessages_public_media_signing_key: ''
# Shared secret for authentication of provisioning API requests.
# If set to "disable", the provisioning API will be disabled.
matrix_mautrix_gmessages_provisioning_shared_secret: disable
matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
matrix_mautrix_gmessages_bridge_permissions: | matrix_mautrix_gmessages_bridge_permissions: |
@@ -181,7 +181,7 @@ appservice:
address: {{ matrix_mautrix_gmessages_appservice_address }} address: {{ matrix_mautrix_gmessages_appservice_address }}
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: https://bridge.example.com public_address: {{ matrix_mautrix_gmessages_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -247,7 +247,7 @@ provisioning:
prefix: /_matrix/provision prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated, # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled. # or if set to "disable", the provisioning API will be disabled.
shared_secret: disable shared_secret: {{ matrix_mautrix_gmessages_provisioning_shared_secret | to_json }}
# Whether to allow provisioning API requests to be authed using Matrix access tokens. # Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token, # This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge. # which means that by default, it only works for users on the same server as the bridge.
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-gmessages-metrics.tls.certResolver={{ matrix
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_gmessages_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-gmessages-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-gmessages-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_gmessages_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-gmessages-exposure.middlewares=matrix-mautrix-gmessages-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-gmessages-exposure.rule={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_gmessages_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-gmessages-exposure.priority={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-gmessages-exposure.service=matrix-mautrix-gmessages-exposure
traefik.http.routers.matrix-mautrix-gmessages-exposure.entrypoints={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-gmessages-exposure.tls={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_gmessages_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-gmessages-exposure.tls.certResolver={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
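Review bot: the `matrix-mautrix-gmessages-exposure` router is given only the strip-prefix middleware, so everything the bridge serves on port 8080 becomes reachable under the public prefix with no access control at the proxy. Protection then rests entirely on the bridge's own authentication, such as the provisioning `shared_secret`. Please state that in the "Bridge API exposure" section comment so operators know what they are publishing when they enable it.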
@@ -63,6 +63,15 @@ matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_ena
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-meta-instagram's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_meta_instagram_container_labels_exposure_enabled: "{{ matrix_mautrix_meta_instagram_exposure_enabled }}"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_meta_instagram_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_instagram_exposure_path_prefix }}`)"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority: 0
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints }}"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_meta_instagram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_meta_instagram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
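Review bot: `matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority: 0` has no comment, and its meaning only becomes clear from the labels template, which emits the `priority` label only when the value is greater than 0. Add a line saying that 0 leaves the priority to Traefik. The comment above the block also gives the URL as `https://<hostname><path_prefix>`, although `..._exposure_traefik_tls` is computed from the entrypoint and can be false.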
@@ -123,6 +132,13 @@ matrix_mautrix_meta_instagram_homeserver_token: ''
matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta_instagram_identifier }}:29319" matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta_instagram_identifier }}:29319"
# Scheme of the bridge's public address (see `matrix_mautrix_meta_instagram_bridge_public_address`).
matrix_mautrix_meta_instagram_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_meta_instagram_bridge_public_address: "{{ (matrix_mautrix_meta_instagram_scheme + '://' + matrix_mautrix_meta_instagram_exposure_hostname + matrix_mautrix_meta_instagram_exposure_path_prefix) if matrix_mautrix_meta_instagram_exposure_enabled else '' }}"
matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}" matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}"
matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
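Review bot: `matrix_mautrix_meta_instagram_scheme` is fixed at `https`, while the router's TLS setting is computed separately as `..._exposure_traefik_entrypoints != 'web'`, so the two can disagree. On a `web` entrypoint the router is plain HTTP but `matrix_mautrix_meta_instagram_bridge_public_address` still advertises `https://`. Either derive the scheme from `matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls`, or document that the scheme must be changed together with the entrypoint.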
@@ -182,6 +198,11 @@ matrix_mautrix_meta_instagram_metrics_proxying_enabled: false
matrix_mautrix_meta_instagram_metrics_proxying_hostname: '' matrix_mautrix_meta_instagram_metrics_proxying_hostname: ''
matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: '' matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: ''
# Controls whether mautrix-meta-instagram's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_meta_instagram_exposure_enabled: false
matrix_mautrix_meta_instagram_exposure_hostname: ''
matrix_mautrix_meta_instagram_exposure_path_prefix: ''
matrix_mautrix_meta_instagram_bridge_username_prefix: |- matrix_mautrix_meta_instagram_bridge_username_prefix: |-
{{ {{
({ ({
@@ -197,7 +197,7 @@ appservice:
address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }} address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }}
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: https://bridge.example.com public_address: {{ matrix_mautrix_meta_instagram_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -4,15 +4,19 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
#} #}
{% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled and matrix_mautrix_meta_instagram_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled and (matrix_mautrix_meta_instagram_container_labels_metrics_enabled or matrix_mautrix_meta_instagram_container_labels_exposure_enabled) %}
traefik.enable=true traefik.enable=true
{% if matrix_mautrix_meta_instagram_container_labels_traefik_docker_network %} {% if matrix_mautrix_meta_instagram_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_mautrix_meta_instagram_container_labels_traefik_docker_network }} traefik.docker.network={{ matrix_mautrix_meta_instagram_container_labels_traefik_docker_network }}
{% endif %} {% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-appservice.loadbalancer.server.port=29319 traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-appservice.loadbalancer.server.port=29319
{% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.loadbalancer.server.port=8000 traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.loadbalancer.server.port=8000
{% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
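Review bot: the `-appservice` service line (`loadbalancer.server.port=29319`) used to be emitted whenever the outer condition held and is now emitted only when `matrix_mautrix_meta_instagram_container_labels_exposure_enabled` is true. A deployment that has metrics enabled, exposure disabled and a custom router in `matrix_mautrix_meta_instagram_container_labels_additional_labels` pointing at that service would lose it. Either keep the service definition unconditional or call the change out. Separately, the new `{% if ..._metrics_enabled %}` wrapper around the `-metrics` service sits directly above the existing `{% if ..._metrics_enabled %}` block, so the service line could simply move inside that block.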
@@ -48,6 +52,37 @@ traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.tls.
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.middlewares.{{ matrix_mautrix_meta_instagram_identifier }}-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_meta_instagram_exposure_path_prefix }}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.middlewares={{ matrix_mautrix_meta_instagram_identifier }}-exposure-strip-prefix
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.rule={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.priority={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.service={{ matrix_mautrix_meta_instagram_identifier }}-appservice
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.entrypoints={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.tls={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls %}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.tls.certResolver={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -63,6 +63,15 @@ matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_ena
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-meta-messenger's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_meta_messenger_container_labels_exposure_enabled: "{{ matrix_mautrix_meta_messenger_exposure_enabled }}"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_meta_messenger_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_messenger_exposure_path_prefix }}`)"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority: 0
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints }}"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -123,6 +132,13 @@ matrix_mautrix_meta_messenger_homeserver_token: ''
matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319" matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319"
# Scheme of the bridge's public address (see `matrix_mautrix_meta_messenger_bridge_public_address`).
matrix_mautrix_meta_messenger_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_meta_messenger_bridge_public_address: "{{ (matrix_mautrix_meta_messenger_scheme + '://' + matrix_mautrix_meta_messenger_exposure_hostname + matrix_mautrix_meta_messenger_exposure_path_prefix) if matrix_mautrix_meta_messenger_exposure_enabled else '' }}"
matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}" matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}"
matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
@@ -182,6 +198,11 @@ matrix_mautrix_meta_messenger_metrics_proxying_enabled: false
matrix_mautrix_meta_messenger_metrics_proxying_hostname: '' matrix_mautrix_meta_messenger_metrics_proxying_hostname: ''
matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: '' matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: ''
# Controls whether mautrix-meta-messenger's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_meta_messenger_exposure_enabled: false
matrix_mautrix_meta_messenger_exposure_hostname: ''
matrix_mautrix_meta_messenger_exposure_path_prefix: ''
matrix_mautrix_meta_messenger_bridge_username_prefix: |- matrix_mautrix_meta_messenger_bridge_username_prefix: |-
{{ {{
({ ({
@@ -197,7 +197,7 @@ appservice:
address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }} address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }}
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: https://bridge.example.com public_address: {{ matrix_mautrix_meta_messenger_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -4,15 +4,19 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
#} #}
{% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled and matrix_mautrix_meta_messenger_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled and (matrix_mautrix_meta_messenger_container_labels_metrics_enabled or matrix_mautrix_meta_messenger_container_labels_exposure_enabled) %}
traefik.enable=true traefik.enable=true
{% if matrix_mautrix_meta_messenger_container_labels_traefik_docker_network %} {% if matrix_mautrix_meta_messenger_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_mautrix_meta_messenger_container_labels_traefik_docker_network }} traefik.docker.network={{ matrix_mautrix_meta_messenger_container_labels_traefik_docker_network }}
{% endif %} {% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-appservice.loadbalancer.server.port=29319 traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-appservice.loadbalancer.server.port=29319
{% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.loadbalancer.server.port=8000 traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.loadbalancer.server.port=8000
{% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
@@ -48,6 +52,37 @@ traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.tls.
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.middlewares.{{ matrix_mautrix_meta_messenger_identifier }}-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_meta_messenger_exposure_path_prefix }}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.middlewares={{ matrix_mautrix_meta_messenger_identifier }}-exposure-strip-prefix
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.rule={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.priority={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.service={{ matrix_mautrix_meta_messenger_identifier }}-appservice
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.entrypoints={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.tls={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls %}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.tls.certResolver={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -46,6 +46,13 @@ matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_signal_homeserver_async_media: false matrix_mautrix_signal_homeserver_async_media: false
matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080" matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080"
# Scheme of the bridge's public address (see `matrix_mautrix_signal_bridge_public_address`).
matrix_mautrix_signal_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_signal_bridge_public_address: "{{ (matrix_mautrix_signal_scheme + '://' + matrix_mautrix_signal_exposure_hostname + matrix_mautrix_signal_exposure_path_prefix) if matrix_mautrix_signal_exposure_enabled else '' }}"
matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
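Review bot: `matrix_mautrix_signal_bridge_public_address` is built by plain concatenation of scheme, hostname and `matrix_mautrix_signal_exposure_path_prefix`, with no normalisation of the prefix. A prefix of `/` or one ending in `/` produces a base URL with a trailing slash, which is then written to `public_address` and reused for public media links. Consider stripping trailing slashes in this expression, or documenting the expected form of the prefix (leading slash, no trailing slash) next to the variable.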
@@ -100,6 +107,15 @@ matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled: fa
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-signal's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_signal_container_labels_exposure_enabled: "{{ matrix_mautrix_signal_exposure_enabled }}"
matrix_mautrix_signal_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_signal_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_signal_exposure_path_prefix }}`)"
matrix_mautrix_signal_container_labels_exposure_traefik_priority: 0
matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_signal_container_labels_traefik_entrypoints }}"
matrix_mautrix_signal_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_signal_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_signal_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_signal_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_signal_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -150,6 +166,11 @@ matrix_mautrix_signal_metrics_proxying_enabled: false
matrix_mautrix_signal_metrics_proxying_hostname: '' matrix_mautrix_signal_metrics_proxying_hostname: ''
matrix_mautrix_signal_metrics_proxying_path_prefix: '' matrix_mautrix_signal_metrics_proxying_path_prefix: ''
# Controls whether mautrix-signal's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_signal_exposure_enabled: false
matrix_mautrix_signal_exposure_hostname: ''
matrix_mautrix_signal_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -171,7 +171,7 @@ appservice:
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: "" public_address: {{ matrix_mautrix_signal_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-signal-metrics.tls.certResolver={{ matrix_ma
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_signal_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-signal-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-signal-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_signal_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-signal-exposure.middlewares=matrix-mautrix-signal-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-signal-exposure.rule={{ matrix_mautrix_signal_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_signal_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-signal-exposure.priority={{ matrix_mautrix_signal_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-signal-exposure.service=matrix-mautrix-signal-exposure
traefik.http.routers.matrix-mautrix-signal-exposure.entrypoints={{ matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-signal-exposure.tls={{ matrix_mautrix_signal_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_signal_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-signal-exposure.tls.certResolver={{ matrix_mautrix_signal_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
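Review bot: the new "Bridge API exposure" block is nested inside the outer condition closed by the final `{% endif %}`, and that condition is not part of this hunk. If it still requires `matrix_mautrix_signal_container_labels_metrics_enabled`, none of these labels are rendered when exposure is enabled but metrics are off. Please confirm that the outer condition also passes for `matrix_mautrix_signal_container_labels_exposure_enabled`, as was done for the meta bridges.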
@@ -46,6 +46,13 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_telegram_homeserver_async_media: false matrix_mautrix_telegram_homeserver_async_media: false
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
# Scheme of the bridge's public address (see `matrix_mautrix_telegram_bridge_public_address`).
matrix_mautrix_telegram_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_telegram_bridge_public_address: "{{ (matrix_mautrix_telegram_scheme + '://' + matrix_mautrix_telegram_exposure_hostname + matrix_mautrix_telegram_exposure_path_prefix) if matrix_mautrix_telegram_exposure_enabled else '' }}"
matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_telegram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_telegram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
@@ -81,6 +88,15 @@ matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled:
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-telegram's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_telegram_container_labels_exposure_enabled: "{{ matrix_mautrix_telegram_exposure_enabled }}"
matrix_mautrix_telegram_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_telegram_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_telegram_exposure_path_prefix }}`)"
matrix_mautrix_telegram_container_labels_exposure_traefik_priority: 0
matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_telegram_container_labels_traefik_entrypoints }}"
matrix_mautrix_telegram_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_telegram_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_telegram_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_telegram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_telegram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -125,6 +141,11 @@ matrix_mautrix_telegram_metrics_proxying_enabled: false
matrix_mautrix_telegram_metrics_proxying_hostname: '' matrix_mautrix_telegram_metrics_proxying_hostname: ''
matrix_mautrix_telegram_metrics_proxying_path_prefix: '' matrix_mautrix_telegram_metrics_proxying_path_prefix: ''
# Controls whether mautrix-telegram's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_telegram_exposure_enabled: false
matrix_mautrix_telegram_exposure_hostname: ''
matrix_mautrix_telegram_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -281,7 +281,7 @@ appservice:
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This is only needed for things like public media. A reverse proxy is generally necessary when using this field. # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: "" public_address: {{ matrix_mautrix_telegram_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-telegram-metrics.tls.certResolver={{ matrix_
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_telegram_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-telegram-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-telegram-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_telegram_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-telegram-exposure.middlewares=matrix-mautrix-telegram-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-telegram-exposure.rule={{ matrix_mautrix_telegram_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_telegram_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-telegram-exposure.priority={{ matrix_mautrix_telegram_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-telegram-exposure.service=matrix-mautrix-telegram-exposure
traefik.http.routers.matrix-mautrix-telegram-exposure.entrypoints={{ matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-telegram-exposure.tls={{ matrix_mautrix_telegram_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_telegram_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-telegram-exposure.tls.certResolver={{ matrix_mautrix_telegram_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
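Review bot: the exposure router's middleware list contains only matrix-mautrix-telegram-exposure-strip-prefix, so everything served on the bridge's port 8080 becomes reachable under the public prefix with no access control at the proxy; protection rests entirely on the bridge's own authentication. Consider an optional variable for additional middlewares on this router (an IP allow-list, for example), and state in the comment banner that enabling exposure publishes the whole HTTP port rather than only the provisioning endpoints.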
@@ -44,8 +44,12 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
# A public address that external services can use to reach this appservice. # Scheme of the bridge's public address (see `matrix_mautrix_twitter_appservice_public_address`).
matrix_mautrix_twitter_appservice_public_address: '' matrix_mautrix_twitter_scheme: https
# A public address that external services can use to reach this appservice (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_twitter_appservice_public_address: "{{ (matrix_mautrix_twitter_scheme + '://' + matrix_mautrix_twitter_exposure_hostname + matrix_mautrix_twitter_exposure_path_prefix) if matrix_mautrix_twitter_exposure_enabled else '' }}"
# Displayname template for Twitter users. # Displayname template for Twitter users.
# {{ .DisplayName }} is replaced with the display name of the Twitter user. # {{ .DisplayName }} is replaced with the display name of the Twitter user.
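Review bot: the public address variable is named matrix_mautrix_twitter_appservice_public_address here, while the whatsapp role in this same diff introduces matrix_mautrix_whatsapp_bridge_public_address and the telegram template reads matrix_mautrix_telegram_bridge_public_address. If the twitter name is kept for backward compatibility, say so in the comment; otherwise anyone setting these across bridges has to remember two naming schemes for the same setting.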
@@ -86,6 +90,15 @@ matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled: f
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-twitter's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_twitter_container_labels_exposure_enabled: "{{ matrix_mautrix_twitter_exposure_enabled }}"
matrix_mautrix_twitter_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_twitter_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_twitter_exposure_path_prefix }}`)"
matrix_mautrix_twitter_container_labels_exposure_traefik_priority: 0
matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_twitter_container_labels_traefik_entrypoints }}"
matrix_mautrix_twitter_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_twitter_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_twitter_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_twitter_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_twitter_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
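Review bot: matrix_mautrix_twitter_container_labels_exposure_traefik_tls is derived by comparing the entrypoints string to the literal 'web', independently of matrix_mautrix_twitter_scheme, so the advertised public address can say https while the router is rendered without TLS, or the reverse. Either derive one from the other or document that the two must agree. The comment above also hard-codes `https://<hostname><path_prefix>` although the scheme is now configurable.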
@@ -166,6 +179,11 @@ matrix_mautrix_twitter_metrics_proxying_enabled: false
matrix_mautrix_twitter_metrics_proxying_hostname: '' matrix_mautrix_twitter_metrics_proxying_hostname: ''
matrix_mautrix_twitter_metrics_proxying_path_prefix: '' matrix_mautrix_twitter_metrics_proxying_path_prefix: ''
# Controls whether mautrix-twitter's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_twitter_exposure_enabled: false
matrix_mautrix_twitter_exposure_hostname: ''
matrix_mautrix_twitter_exposure_path_prefix: ''
# Default configuration template which covers the generic use case. # Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it. # You can customize it by controlling the various variables inside it.
# #
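Review bot: only matrix_mautrix_twitter_exposure_enabled carries a comment; matrix_mautrix_twitter_exposure_hostname and matrix_mautrix_twitter_exposure_path_prefix are undocumented. A short comment for each giving the expected format (bare hostname without scheme, path prefix starting with `/` and without a trailing slash) would help, since both are concatenated directly into the public address and inserted into the Traefik rule.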
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-twitter-metrics.tls.certResolver={{ matrix_m
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_twitter_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-twitter-exposure.loadbalancer.server.port=29327
traefik.http.middlewares.matrix-mautrix-twitter-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_twitter_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-twitter-exposure.middlewares=matrix-mautrix-twitter-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-twitter-exposure.rule={{ matrix_mautrix_twitter_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_twitter_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-twitter-exposure.priority={{ matrix_mautrix_twitter_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-twitter-exposure.service=matrix-mautrix-twitter-exposure
traefik.http.routers.matrix-mautrix-twitter-exposure.entrypoints={{ matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-twitter-exposure.tls={{ matrix_mautrix_twitter_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_twitter_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-twitter-exposure.tls.certResolver={{ matrix_mautrix_twitter_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
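Review bot: the loadbalancer port 29327 is hard-coded in the exposure service label, duplicating the port that already appears in matrix_mautrix_twitter_appservice_address ('http://matrix-mautrix-twitter:29327'). If the bridge's listen port is ever changed, this label will silently point at the wrong port. Prefer a single port variable used in both places, or reuse an existing Traefik service definition for the appservice port if the role already has one.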
@@ -48,6 +48,13 @@ matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_whatsapp_homeserver_async_media: false matrix_mautrix_whatsapp_homeserver_async_media: false
matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
# Scheme of the bridge's public address (see `matrix_mautrix_whatsapp_bridge_public_address`).
matrix_mautrix_whatsapp_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_whatsapp_bridge_public_address: "{{ (matrix_mautrix_whatsapp_scheme + '://' + matrix_mautrix_whatsapp_exposure_hostname + matrix_mautrix_whatsapp_exposure_path_prefix) if matrix_mautrix_whatsapp_exposure_enabled else '' }}"
matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
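Review bot: matrix_mautrix_whatsapp_bridge_public_address is built by plain string concatenation of scheme, '://', hostname and path prefix, so a path prefix without a leading slash or a hostname carrying a trailing slash produces a malformed URL that is then written into appservice.public_address. Document the required format next to the exposure variables, or validate it, since this value is what external tools are told to call.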
@@ -81,6 +88,15 @@ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled:
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-whatsapp's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_whatsapp_container_labels_exposure_enabled: "{{ matrix_mautrix_whatsapp_exposure_enabled }}"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_whatsapp_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_whatsapp_exposure_path_prefix }}`)"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority: 0
matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_whatsapp_container_labels_traefik_entrypoints }}"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_whatsapp_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_whatsapp_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
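Review bot: the rule uses PathPrefix with the raw matrix_mautrix_whatsapp_exposure_path_prefix, and Traefik's PathPrefix is a plain string-prefix match, so a prefix that is a leading substring of another exposed path would also capture that path's requests. With the priority left at 0 the priority label is omitted and ordering falls back to Traefik's default. Note in the comment that prefixes must not be leading substrings of one another, or expose the priority in the documentation for cases where they overlap.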
@@ -125,6 +141,11 @@ matrix_mautrix_whatsapp_metrics_proxying_enabled: false
matrix_mautrix_whatsapp_metrics_proxying_hostname: '' matrix_mautrix_whatsapp_metrics_proxying_hostname: ''
matrix_mautrix_whatsapp_metrics_proxying_path_prefix: '' matrix_mautrix_whatsapp_metrics_proxying_path_prefix: ''
# Controls whether mautrix-whatsapp's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_whatsapp_exposure_enabled: false
matrix_mautrix_whatsapp_exposure_hostname: ''
matrix_mautrix_whatsapp_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -269,7 +269,7 @@ appservice:
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This is only needed for things like public media. A reverse proxy is generally necessary when using this field. # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: "" public_address: {{ matrix_mautrix_whatsapp_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
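Review bot: the template comment above public_address still says the field is only needed for things like public media, while the defaults comment added in this change says the value is also used for the provisioning API's external-server (OpenID) flow. Add a line here noting that the value is now derived from the exposure settings, so someone reading the rendered config understands why it is populated and that turning exposure on also sets the address used for public media links.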
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-whatsapp-metrics.tls.certResolver={{ matrix_
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_whatsapp_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-whatsapp-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-whatsapp-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_whatsapp_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.middlewares=matrix-mautrix-whatsapp-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-whatsapp-exposure.rule={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.priority={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.service=matrix-mautrix-whatsapp-exposure
traefik.http.routers.matrix-mautrix-whatsapp-exposure.entrypoints={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.tls={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.tls.certResolver={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
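Review bot: the exposure block is nested inside the outer conditional closed by the final endif, and that conditional's expression is outside this hunk. The meta-messenger and meta-instagram commits in this series had to widen the equivalent gate so the exposure router is emitted when metrics are disabled; confirm the same holds for this template, otherwise enabling exposure with metrics off renders no router and the populated public_address points at a route that does not exist.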